App Review Norton Security 360 Deluxe 2023

[Shadowra]

Content source

https://odysee.com/@Shadowra:f/Norton-Security-360-Deluxe-2023:9

Norton is a well known antivirus and also a behemoth in computer security, having acquired Avira and Avast.
Previously hated, it is now very appreciated, we will see together if Norton is still at the top or not.



Interface: 10/10

Norton offers a very simple and pleasant interface.
It is very family oriented because everything is at hand (settings, anti-malware analysis etc).
Norton has also undergone a small facelift in terms of color, the alerts are yellow and quite large, which I like a little less, I preferred its old alerts, more discreet.
Norton is still very light, we like that!

Protection:10/10 Web / Fake crack 1/1 Remains 10 threats on 78 malware / PC Infected after Malware Pack but blocked by Norton

On the URL test, Norton easily gets rid of URLs.
Surprisingly, it does not issue any alerts when its web protection blocks an infected file...

The fake crack was also detected.

On the pack, something I noticed directly, Norton was able to correct the deletion errors it used to encounter and is faster to delete!
Norton tried to defend itself and prove its efficiency and held on, until I ran a bloated file trapped by LapusClipper.
Norton will block the connection, but the system is still infected because it is present in memory despite Norton's blocking.


Result :
Norton: 0
KVRT : 5 - infection in memory !
ESET : 1 - Infection in memory


Recommand : Yes but in a family environment
System Clean : No system infected

 

[M4RT1NE2]

Thanks for the test

 

[SeriousHoax]

Nice test

Norton tried to defend itself and prove its efficiency and held on, until I ran a bloated file trapped by LapusClipper.
Norton will block the connection, but the system is still infected because it is present in memory despite Norton's blocking.

In this case, Norton always recommends to run Power Eraser which it did in your case also. You needed to run it and it would have detected the bloated file and after selecting delete and system restart, the malware wouldn't have stayed in memory any longer.
So, the system is protected because Norton IPS blocks the malware from doing any harm and Power Eraser would clean up the remaining mess.

 

[harlan4096]

Are You telling me that Norton installed application needs an external/stand-alone tool (NPE) to clean up a resident memory infection in the system?

 

[njonji]

System Clean : No system infected

Makes it sound like nothing was infected. Punctuation is important
Otherwise, nice test.

 

[SeriousHoax]

You are telling me that Norton installed application needs an external/stand-alone tool (NPE) to clean up the system?

Yeah, that's how it is even though it's rather strange. Norton Power Eraser is their aggressive scanner and is installed with Norton. Not fully similar but think of it like Kaspersky's Advanced Disinfection. Like Kaspersky, Norton recommends this when it suspects it needs an aggressive cleanup method.
Pause the video on 3:44 to see it.

 

[Shadowra]

Makes it sound like nothing was infected. Punctuation is important
Otherwise, nice test.

Sorry, English and me, we are not always very friendly (I'm bad in English but I'm learning )

 

[artek]

Yeah, that's how it is even though it's rather strange. Norton Power Eraser is their aggressive scanner and is installed with Norton. Not fully similar but think of it like Kaspersky's Advanced Disinfection. Like Kaspersky, Norton recommends this when it suspects it needs an aggressive cleanup method.
Pause the video on 3:44 to see it.

To be fair, the initial popup says "no further action is required." The prompt for power eraser only shows up when a user clicks for further details.

 

[SeriousHoax]

To be fair, the initial popup says "no further action is required." The prompt for power eraser only shows up when a user clicks for further details.

Yeah, that's correct.

 

[Maschera]

Thank you for the test. I generally follow all of your tests and I also appreciate your effort. I wonder if there will be an up-to-date and comprehensive test for GData?

 

[Trooper]

Thank you for the test!

 

[RansomwareRemediation]

thanks for the test <3 .Mediocre result from Norton. I didn't expect it to have a malware left in memory Greeting.

 

[Thales]

Sorry, English and me, we are not always very friendly (I'm bad in English but I'm learning )

Try ChatGPT for this puprose. The language model does awesome job.

 

[Shadowra]

Thank you for the test. I generally follow all of your tests and I also appreciate your effort. I wonder if there will be an up-to-date and comprehensive test for GData?

Yep, during the month of April

 

[superleeds27]

I don't mind the new popups. But more obvious than the previous ones.

Shame about the results here though.

 

[Sorrento]

Thanks for this test & all the other testing you do, its much appreciated

 

[Nikos751]

From Norton's behaviour at recent tests I can understand that:

• IPS works wonders
• AV is just good
• FP's have fallen down

So,

• For security industry known malware or malware that has a generally known/detectable behavior pattern, even unknown malware, vendors like BitDefender, Kaspersky Eset & Avast will definitely do better -> they can prevent infection
• For malware difficult to catch even via BB/ML, IPS will still popup as it's a network inspection mechanism, and malicious network behaviour patterns are more difficult to hide
• System will almost always be protected from leaking data as IPS blocks phone-home connections, this is the most important thing for financial malware & malware downloading payloads.
• System can actually get infected, even if the malware cannot proceed to further actions, and it's not convenient to any degree

So, when there is an IPS detection for Norton, it's vital for the user to run NPE (fortunately included) and maybe some other scanners for disinfection. No malware will go unnoticed or send important data to third parties even the nasty ones.
But, all this can be true if IPS is really top notch and can detect anomalies (not just by network signatures), I cannot be sure about that, only assumptions from tests.

 

[Trident]

@Nikos751 you are correct about IPS. IPS signatures are quick to deploy and block huge variety of nasties, from exploits to scams, malware calling home and many others. IPS looks at how programs communicate and that changes less from threat to threat, if at all.

IPS is also extremely difficult to evade, unlike static analysis, dynamic analysis, behavioural blocking and many other methods.

Apart from IPS, Norton also blocks executable content in documents similar to CheckPoint/ZoneAlarm and that alone can suspend many attacks.

The observation that the antivirus is just good, I wouldn’t agree on that so much. The antivirus is top-notch but as all technologies aimed at identification of malicious code and not prevention (like sandboxing, HIPS, Application Control) it suffers natural limitations. The same limitations can be observed with all competing products.

Eset specifically, hasn’t been proven to be better than Norton in anything except if HIPS is enabled and set to a more aggressive level and that’s a parade of alerts.

 

[Nikos751]

@Trident Maybe you 're right, my concern is there because there are cases where IPS detects the malware and not the AV, while others have usually a detection from the AV/BB that is safer. I consider BB as complementary to the AV. I would still feel safe while IPS would prevent my actual data to be sent over though.

 

[Trident]

@Trident Maybe you 're right, my concern is there because there are cases where IPS detects the malware and not the AV, while others have usually a detection from the AV/BB that is safer. I consider BB as complementary to the AV. I would still feel safe while IPS would prevent my actual data to be sent over though.

Sometimes due to the IPS block, the program can’t continue with its malicious behaviour and this is the reason why it’s not picked up by other components.
This can be observed with other anti-bot components such as the Avast Resident Shield, Bitdefender Online Threat Defence, CheckPoint/ZoneAlarm Anti-Bot and others that block malicious traffic.

I am not sure what’s the reason for Symantec/Norton not to remediate programs instantly once they’ve generated an IPS-detected traffic, as far as I remember, Kaspersky System Watcher and Avast instantly remediate programs if there is traffic to a suspicious host. That, plus the program not being widely used and signed should be a clear evidence that it shouldn’t be left.

That’s one thing they really need to look at. For example CheckPoint can be configured to start incident remediation straight away.

Nevertheless, the traffic is blocked so it can’t do its harm. Power Eraser scan is advised to clean the infection. They should just start a background scan with it and remove everything.

I am not a product manager there sadly.